If you can’t get enough of the local security scene, check out our NovaInfosec Twits list for even more great security blogs and people to follow on Twitter. Also be sure to follow myself (@nathiet), @grecs, and @novainfosec on Twitter if you want to know more about what’s going on in the local security community during the week.

If you entered our competition early on this week, we now have a winner of TaoSecurity Recommended Books. Click here to find out if you won or not.

And without further ado … here are the top picks for this week.

#3 -Dell Needs a PSIRT: Why does dell need a PSIRT? Richard Bejtlich answers that question for. Click here to find out about Richard’s answer.

#2 -Encrypt stored data in Android: Tim Donaworth gives a tip on securing data in Android since “Android requires SD cards to be formatted in VFAT, it leaves a bit of a hole when it comes to security for files stored here.” Click here to read about Tim’s tip on securing data in data since “storing sensitive information here isn’t going to be the best thing to do. With some devices having limited internal storage though, this might be your only option, or depending on what the data is, you may require large amounts of storage space.”

#1 -The Biggest Problem: We all wonder what the biggest problem could be! Chris tells us about his biggest problem he has encountered as an information security person. Of course we are not going to reveal it to you, but click here to find about about the problem he had encountered and hints at solving it.

Well, that’s all this week. Be sure to check back next week for more great blog posts from local security bloggers.

Anyway, here are your meetups for this week.

Tuesday (7/20)

• ISSA DC Meetup – “State of the Hack: M-Trends- The Advanced Persistent Threat” by Robert Lee of Mandiant at Government Printing Office (732 North Capitol Street Washington, DC 20401; Room A138) from 6:30 to 9:30 PM (more info)

Wednesday (7/21)

• CapSecDC Meetup – A very special “Not in Vegas” edition of CapSecDC at Stetson’s Famous Bar & Grill (1610 U Street NW Washington, DC 20009) from 6:00 to 9:00 PM (more info)

Thursday (7/22)

• InfraGard NCMA Meetup – “The Communication Infrastructure and Organization of Transnational Cyber Criminal Syndicates” at E*TRADE FINANCIAL Corporation (671 North Glebe Road Arlington, VA 22203) from 11:30 AM to 1:30 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

If you can’t get enough of the local security scene, check out our NovaInfosec Twits list for even more great security blogs and people to follow on Twitter. Also be sure to follow myself (@nathiet), @grecs, and @novainfosec on Twitter if you want to know more about what’s going on in the local security community during the week.

And without further ado … here are the top picks for this week.

#3 -Brief Thoughts on SANS WhatWorks Summit in Forensics and Incident Response 2010: Interested in what was said at the SANS WhatWorks Summit in Forensics and Incident Response? One of the speakers provides us with his thoughts on the summit. Click here to read about what he said about the event.

#2 -Brief Thoughts on WEIS 2010: Richard Bejtlich provides his thoughts on an event he attended this time around. Click here to read about the happenings of the event.

#1 -Network Forensics Vendors: Get in the Cloud: Afraid that the end of Network Security Monitoring and related network-centric visibility and instrumentation measure is near due to cloud computing? Then you are in the right place as Richard Bejtlich shared with us what Network forensics need to do. Click here to see what he is talking and how it can be done.

Well, that’s all this week. Be sure to check back next week for more great blog posts from local security bloggers.

We hope you had a superb 4^th of July; we have a quiet week in terms of meetups this week. It seems like the place to be is at the SANS Digital Forensics Awards Night where there will be prize giveaways. Anyway, here are your meetups for this week.

Thursday (7/15)

• ISSA NoVA Meetup – “Cyber Corp Update” by Mischel Kwon of EMC Corporation, Patrick J. Kelly of The George Washington University, Steven Hernandez of the Department of Health and Human Services, and Justin Hoeckle of HLR Security Group, LLC at Avaya Government Solutions (12730 Fair Lakes Circle Fairfax, VA 22033) from 5:30 to 8:30 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

And without further ado … here are the top picks for this week.

#3 -A Brief Look at O5Logon: A look at O5logon from oracle “For authentication, newer versions of Oracle (11g+) use a session agreement and key exchange scheme known as O5Logon.” Do you want to know what’s new or the weaknesses for O5Logon, then click here

#2 -Split-Horizon Assessment and the Oversight Effect: Rybolov introduces us to split-horizon assessment. If you want to know what’s he talking about then click here

#1 -Microsoft a Weak Link in National Security – ARS: This is a from a new blog that we have recently picked up. BrinkMater J offers his thoughts on why microsoft is a weak link in national security “Microsoft insiders have admitted to me that the company really did not take security seriously, even when they were being embarrassed by frequent highly publicized hacks.” This is a good read; click here to read more!!

Well, that’s all this week. Be sure to check back next week for more great blog posts from local security bloggers.

Anyway, as of Sunday night here are the conferences we’ve confirmed.

July

• SANS What Works in Forensics & Incident Response Summit (Fairmont Washington DC; 07-08 to 07-09)
• Cybersecurity Symposium (Hilton Washington; 07-08)
• PCybersecurity & Innovation in the Information Economy Symposium (Ronald Reagan Building & International Trade Center; 07-27)

August

• EVT/WOTE Workshop (Wardman Park Marriott Hotel; 08-09 to 08-10)
• CSET Workshop (Wardman Park Marriott Hotel; 08-09)
• WOOT Workshop (Wardman Park Marriott Hotel; 08-09)
• CollSec Workshop (Wardman Park Marriott Hotel; 08-10)
• HealthSec Workshop ((Wardman Park Marriott Hotel; 08-10)
• HotSec Workshop (Wardman Park Marriott Hotel; 08-10)
• Metricon Conference (Wardman Park Marriott Hotel; 08-10)
• USENIX Security Symposium (Wardman Park Marriott Hotel; 08-11 to 08-13)
• SANS WhatWorks in Virtualization & Cloud Computing Summit (Fairmont Washington DC; 08-19 to 08-20)

September

• NoVA Hackers Association Metasploit Workshop (ICF International; 09-18)
• Software Assurance Forum (NIST; 09-21 to 10-01)
• IT Security Automation Conference (Baltimore Convention Center; 09-21 to 09-30)

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the conferences listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

We hope you had a superb 4^th of July; we have a quiet week in terms of meetups this week. It seems like the place to be is at the SANS Digital Forensics Awards Night where there will be prize giveaways. Anyway, here are your meetups for this week.

Thursday (7/8)

• Digital Forensics Awards Night - Vendor Panel, an Awards Ceremony Reception, the SANS Forensic Challenge Winners Presentation, and the Live Forensic 4Cast Awards Ceremony at the Fairmont Washington DC (2401 M Street, NW Washington, DC 20037) from 4:20 to 8:30 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

And without further ado … here are the top picks for this week.

#3 -IE6 ‘More Security’ than Chrome/Opera … Really? Our own blogger grecs shines on in the browser security issue. With recent attacks on companies i.e. Google, a battle of a more secure browser has been brooming. Here is an extract from his blog just to get you interested “I don’t know how they determined “more secure” in this case but common sense says that an old “creaking” browser is NOT more secure than the state of the art from Google or Opera.” Interested in what he has to say, then click here

#2 -Ensure your code is secure by using a Security API: Tim Donaworth of Gemini Solutions introduces us to ESAPI “Enterprise Security AP” from AWASP. If you are interested in ensuring that your code is secure then click here to learn more about ESAPI

#1 -Thinking about Cloud Security & Vulnerability Research: Three True Outcomes: As we don’t want to give anything away from this post, we suggest that you click here but the title gives away the post and it’s a great read.

Well, that’s all this week. Be sure to check back next week for more great blog posts from local security bloggers.

Anyway, here are your meetups for this week.

Tuesday (6/29)

• InfraGard NCMA Meetup – “Critical Infrastructure Resiliency” by Greg Fowler of the FBI and Matthew Wombacher of the DHS at Springfield Hilton (6650 Loisdale Rd  Springfield, VA 22150) from 6:00 to 8:30 PM (more info)

Wednesday (6/30)

• CapSecDC Meetup – Normal Meeting at Stetson’s Famous Bar & Gril (1610 U St NW Washington DC 20009) from 6:00 to 9:00 PM (more info)

Friday (7/02)

• 2600 Baltimore Meetup – Normal Meeting at Barnes & Noble (Inner Harbor) (601 E. Pratt Street Baltimore, MD 21202) from 5:00 to 10:00 PM (more info)
• 2600 Arlington Meetup – Normal Meeting at Champps Pentagon Row (1201 S. Joyce Street Arlington, VA 22202) from 7:00 to 10:00 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

And without further ado … here are the top picks for this week.

#3 -Hacking Pages in Firefox with the HackBar: Another blog post on how a Firefox add-on can be used for security “HackBar adds a toolbar underneath the main address bar that can be toggled on or off with the F9 key. When enabled, the toolbar provides a miniature console of sorts for various testing tasks.” Click here to learn more about the add-on.

#2 -CloudShark, Another Packet Repository in the Cloud: Richard Bejtlich looks at CloudShark in his post. CloudShark is an online packet tool that ” renders the trace by invoking Tshark, then building the other Wireshark-like components separately.” Click here to learn more about the online packet tool.

#1 -Full Disclosure for Attacker Tools: It’s often said “Offense is the best defense.” Do you like the idea of taking the fight to the enemy? Richard Bejtlich blogs about disclosing details of vulnerabilities in attacker tools “However, disclosing details of vulnerabilities in attacker tools is likely to not work in the white hat’s favor. White hats are bound by restrictions like laws and rules that black hats routinely break.” What do you think? Should white hat researchers publish security advisories for black hat tools? Click here to read more of his delightful dilemma!

Well, that’s all this week. Be sure to check back next week for more great blog posts from local security bloggers.